Cyber Glossary - T
Tabletop Exercise – A discussion-based exercise where personnel with roles and responsibilities in a particular IT plan meet in a classroom setting or in breakout groups to validate the content of the plan by discussing their roles during an emergency and their responses to a particular emergency situation. A facilitator initiates the discussion by presenting a scenario and asking questions based on the scenario. (SP 800-84) (NISTIR)
Tactical Data – Information that requires protection from disclosure and modification for a limited duration as determined by the originator or information owner. (CNSSI-4009) (NISTIR)
Tactical Edge – The platforms, sites, and personnel (U. S. military, allied, coalition partners, first responders) operating at lethal risk in a battle space or crisis environment characterized by
1) a dependence on information systems and connectivity for survival and mission success,
2) high threats to the operational readiness of both information systems and connectivity, and
3) users are fully engaged, highly stressed, and dependent on the availability, integrity, and transparency of their information systems. (CNSSI-4009) (NISTIR)
Tailored Security Control Baseline – A set of security controls resulting from the application of tailoring guidance to the security control baseline. See Tailoring. (SP 800-37; SP 800-53; SP 800-53A) (NISTIR)
Tailored Trustworthy Space – Definition: A cyberspace environment that provides a user with confidence in its security, using automated mechanisms to ascertain security conditions and adjust the level of security based on the user's context and in the face of an evolving range of threats. (Adapted from: National Science and Technology Council's Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program) (NICCS)
Tailoring – The process by which a security control baseline is modified based on: (i) the application of scoping guidance; (ii) the specification of compensating security controls, if needed; and (iii) the specification of organization-defined parameters in the security controls via explicit assignment and selection statements. (SP 800-37; SP 800-53; SP 800-53A; CNSSI-4009) (NISTIR)
Tailoring (Assessment Procedures) – The process by which assessment procedures defined in Special Publication 800-53A are adjusted, or scoped, to match the characteristics of the information system under assessment, providing organizations with the flexibility needed to meet specific organizational requirements and to avoid overly-constrained assessment approaches. (SP 800-53A) (NISTIR)
Tampering – An intentional event resulting in modification of a system, its intended behavior, or data. (CNSSI-4009) (NISTIR)
Target Audience – An individual or group selected for influence. Also called TA. (This term and its definition modify the existing term and its definition and are approved for inclusion in the next edition of JP 1-02) (Jt Pub 3-13)
Target of Evaluation (TOE) – In accordance with Common Criteria, an information system, part of a system or product, and all associated documentation, that is the subject of a security evaluation. (CNSSI-4009) (NISTIR)
Targets – In the NICE Workforce Framework, cybersecurity work where a person: Applies current knowledge of one or more regions, countries, non-state entities, and/or technologies. (From: NICE Workforce Framework) (NICCS)
TAXII (Trusted Automated Exchange of Indicator Info) – TAXII is not an information sharing program and does not define trust agreements. Rather, it is a set of specifications for exchanging cyberthreat information to help organizations share information with their partners.
TAXII has the following three sharing models:
- Hub and Spoke: One central clearinghouse.
- Source/Subscriber: One organization is the single source of information.
- Peer-to-Peer: Multiple organizations share their information.
TAXII defines the following four services, where each service is optional and services can be combined in different ways for different sharing models:
- Inbox: A service to receive pushed content (push messaging).
- Poll: A service to request content (pull messaging).
- Collection Management: A service to learn about and request subscriptions to data collections.
Technology Research and Development – In the NICE Workforce Framework, cybersecurity work where a person: Conducts technology assessment and integration processes; provides and supports a prototype capability and/or evaluates its utility. (From: NICE Workforce Framework) (NICCS)
Technical Controls – The security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system. (SP 800-53; SP 800-53A; SP 800-37; FIPS 200) (NISTIR)
Technical Non-repudiation – The contribution of public key mechanisms to the provision of technical evidence supporting a non-repudiation security service. (SP 800-32) (NISTIR)
Technical Reference Model (TRM) – A component-driven, technical framework that categorizes the standards and technologies to support and enable the delivery of service components and capabilities. (CNSSI-4009) (NISTIR)
Technical Security Controls – Security controls (i.e., safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system. (CNSSI-4009) (NISTIR)
Technical Vulnerability Information – Detailed description of a weakness to include the implementable steps (such as code) necessary to exploit that weakness. (CNSSI-4009) (NISTIR)
Telecommunications – Preparation, transmission, communication, or related processing of information (writing, images, sounds, or other data) by electrical, electromagnetic, electromechanical, electro-optical, or electronic means. (CNSSI-4009) (NISTIR)
Telework – The ability for an organization’s employees and contractors to perform work from locations other than the organization’s facilities. (SP 800-46) (NISTIR)
Tempest – A name referring to the investigation, study, and control of unintentional compromising emanations from telecommunications and automated information systems equipment. (FIPS 140-2) (NISTIR)
TEMPEST – A name referring to the investigation, study, and control of compromising emanations from telecommunications and automated information systems equipment. (CNSSI-4009) (NISTIR)
TEMPEST Test – Laboratory or on-site test to determine the nature of compromising emanations associated with an information system. (CNSSI-4009) (NISTIR)
TEMPEST Zone – Designated area within a facility where equipment with appropriate TEMPEST characteristics (TEMPEST zone assignment) may be operated. (CNSSI-4009) (NISTIR)
Test – A type of assessment method that is characterized by the process of exercising one or more assessment objects under specified conditions to compare actual with expected behavior, the results of which are used to support the determination of security control effectiveness over time. (SP 800-53A) (NISTIR)
Test and Evaluation – In the NICE Workforce Framework, cybersecurity work where a person: Develops and conducts tests of systems to evaluate compliance with specifications and requirements by applying principles and methods for cost-effective planning, evaluating, verifying, and validating of technical, functional, and performance characteristics (including interoperability) of systems or elements of systems incorporating information technology. (From: NICE Workforce Framework) (NICCS)
Test Key – Key intended for testing of COMSEC equipment or systems. (CNSSI-4009) (NISTIR)
Threat – Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, or the Nation through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. (SP 800-53; SP 800-53A; SP 800-27; SP 800-60; SP 800-37; CNSSI-4009) (NISTIR)
The potential source of an adverse event. (SP 800-61) (NISTIR)
A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society. (Adapted from: DHS Risk Lexicon, NIPP, CNSSI 4009, NIST SP 800-53 Rev 4) (NICCS)
Extended Definition: Includes an individual or group of individuals, entity (such as an organization or a nation), action, or occurrence.
Threat Actor – An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities. (NICCS)
Synonym(s): threat agent
Related Term(s): adversary, attacker (Adapted from: DHS Risk Lexicon) (NICCS)
Threat Analysis – The detailed evaluation of the characteristics of individual threats.
Extended Definition: In the NICE Workforce Framework, cybersecurity work where a person: Identifies and assesses the capabilities and activities of cyber criminals or foreign intelligence entities; produces findings to help initialize or support law enforcement and counterintelligence investigations or activities. (Adapted from: DHS personnel; From NICE Workforce Framework) (NICCS)
The examination of threat sources against system vulnerabilities to determine the threats for a particular system in a particular operational environment. (SP 800-27) (NISTIR)
Threat Assessment – Formal description and evaluation of threat to an information system. SOURCE: SP 800-53; SP 800-18
Process of formally evaluating the degree of threat to an information system or enterprise and describing the nature of the threat. (CNSSI-4009; SP 800-53A) (NISTIR)
The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property. (NICCS)
Related Term(s): threat analysis (From: DHS Risk Lexicon and adapted from: CNSSI 4009, NIST SP 800-53, Rev 4) (NICCS)
Threat Event – An event or situation that has the potential for causing undesirable consequences or impact. (SP 800-30) (NISTIR)
Threat Monitoring – Analysis, assessment, and review of audit trails and other information collected for the purpose of searching out system events that may constitute violations of system security. (CNSSI-4009) (NISTIR)
Threat Scenario – A set of discrete threat events, associated with a specific threat source or multiple threat sources, partially ordered in time. (SP 800-30) (NISTIR)
Threat Shifting – Response from adversaries to perceived safeguards and/or countermeasures (i.e., security controls), in which the adversaries change some characteristic of their intent to do harm in order to avoid and/or overcome those safeguards/countermeasures. (SP 800-30) (NISTIR)
Threat Source – The intent and method targeted at the intentional exploitation of a vulnerability or a situation and method that may accidentally trigger a vulnerability. Synonymous with Threat Agent. (CNSSI-4009) (NISTIR)
Ticket – In access control, data that authenticates the identity of a client or a service and, together with a temporary encryption key (a session key), forms a credential. (Adapted from: IETF RFC 4120 Kerberos V5, July 2005; Conrad, E., Misenauer, S., & Feldman, J. (2010). CISSP® Study Guide. Burlington, MA: Syngress) (NICCS)
Time Bomb – Resident computer program that triggers an unauthorized act at a predefined time. (CNSSI-4009) (NISTIR)
Time-Compliance Date – Date by which a mandatory modification to a COMSEC end-item must be incorporated if the item is to remain approved for operational use. (CNSSI-4009) (NISTIR)
Time-Dependent Password – Password that is valid only at a certain time of day or during a specified interval of time. (CNSSI-4009) (NISTIR)
TOE Security Functions (TSF) – Set consisting of all hardware, software, and firmware of the TOE that must be relied upon for the correct enforcement of the TOE Security Policy (TSP). (CNSSI-4009) (NISTIR)
TOE Security Policy (TSP) – Set of rules that regulate how assets are managed, protected, and distributed within the TOE. SOURCE: CNSSI-4009
Token – Something that the Claimant possesses and controls (typically a key or password) that is used to authenticate the Claimant’s identity. (SP 800-63) (NISTIR)
Total Risk – The potential for the occurrence of an adverse event if no mitigating action is taken (i.e., the potential for any applicable threat to exploit a system vulnerability). (SP 800-16) (NISTIR)
Tracking Cookie – A cookie placed on a user’s computer to track the user’s activity on different Web sites, creating a detailed profile of the user’s behavior. (SP 800-83) (NISTIR)
Tradecraft Identity – An identity used for the purpose of work-related interactions that may or may not be synonymous with an individual’s true identity. (CNSSI-4009) (NISTIR)
Traditional INFOSEC Program – Program in which NSA acts as the central procurement agency for the development and, in some cases, the production of INFOSEC items. This includes the Authorized Vendor Program. Modifications to the INFOSEC end-items used in products developed and/or produced under these programs must be approved by NSA. (CNSSI-4009) (NISTIR)
Traffic Analysis – A form of passive attack in which an intruder observes information about calls (although not necessarily the contents of the messages) and makes inferences, e.g., from the source and destination numbers, or frequency and length of the messages. SOURCE: SP 800-24
The analysis of patterns in communications for the purpose of gaining intelligence about a system or its users. It does not require examination of the content of the communications, which may or may not be decipherable. For example, an adversary may be able to detect a signal from a reader that could enable it to infer that a particular activity is occurring (e.g., a shipment has arrived, someone is entering a facility) without necessarily learning an identifier or associated data. SOURCE: SP 800-98
Gaining knowledge of information by inference from observable characteristics of a data flow, even if the information is not directly available (e.g., when the data is encrypted). These characteristics include the identities and locations of the source(s) and destination(s) of the flow, and the flow's presence, amount, frequency, and duration of occurrence. (CNSSI-4009) (NISTIR)
Traffic Encryption Key (TEK) – Key used to encrypt plain text or to superencrypt previously encrypted text and/or to decrypt cipher text. (CNSSI-4009)
Traffic Light Protocol – A set of designations employing four colors (RED, AMBER, GREEN, and WHITE) used to ensure that sensitive information is shared with the correct audience. (Adapted from: US-CERT) (NICCS)
Traffic Padding – Generation of mock communications or data units to disguise the amount of real data units being sent. (CNSSI-4009) (NISTIR)
Traffic-Flow Security (TFS) – Techniques to counter Traffic Analysis. (CNSSI-4009) (NISTIR)
Training (Information Security) – Training strives to produce relevant and needed (information) security skills and competencies. (SP 800-50) (NISTIR)
Training Assessment – An evaluation of the training efforts. (SP 800-16) (NISTIR)
Training Effectiveness – A measurement of what a given student has learned from a specific course or training event. (SP 800-16) (NISTIR)
Training Effectiveness Evaluation – Information collected to assist employees and their supervisors in assessing individual students’ subsequent on-the-job performance, to provide trend data to assist trainers in improving both learning and teaching, and to be used in return-on-investment statistics to enable responsible officials to allocate limited resources in a thoughtful, strategic manner among the spectrum of IT security awareness, security literacy, training, and education options for optimal results among the workforce as a whole. (SP 800-16) (NISTIR)
Tranquility – Property whereby the security level of an object cannot change while the object is being processed by an information system. (CNSSI-4009) (NISTIR)
Transmission – The state that exists when information is being electronically sent from one location to one or more other locations. (CNSSI-4009) (NISTIR)
Transmission Control Protocol – See TCP
Transmission Security – (TRANSEC) Measures (security controls) applied to transmissions in order to prevent interception, disruption of reception, communications deception, and/or derivation of intelligence by analysis of transmission characteristics such as signal parameters or message externals. Note: TRANSEC is that field of COMSEC which deals with the security of communication transmissions, rather than that of the information being communicated. (CNSSI-4009) (NISTIR)
The component of communications security that results from all measures designed to protect transmissions from interception and exploitation by means other than cryptanalysis. (This term and its definition are provided for information and are proposed for inclusion in the next edition of JP 1-02 by JP 6-0) (Jt Pub 3-13)
Transport Layer Security (TLS) – An authentication and security protocol widely implemented in browsers and Web servers. (SP 800-63) (NISTIR)
Trap Door – 1. A means of reading cryptographically protected information by the use of private knowledge of weaknesses in the cryptographic algorithm used to protect the data. 2. In cryptography, one-to-one function that is easy to compute in one direction, yet believed to be difficult to invert without special information. (CNSSI-4009) (NISTIR)
Triple DES – An implementation of the Data Encryption Standard (DES) algorithm that uses three passes of the DES algorithm instead of one as used in ordinary DES applications. Triple DES provides much stronger encryption than ordinary DES but it is less secure than AES. (CNSSI-4009) (NISTIR)
Trojan Horse – A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program. (From: CNSSI 4009) (NICCS)
A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program. (CNSSI-4009) (NISTIR)
Troll – A person or group of people that invites discord on the internet by starting arguments or posting inflammatory, extraneous, or off-topic messages in an online community with the deliberate intent of provoking readers into an emotional response or otherwise disrupting normal on-topic discussion. SOURCE: Cyberspace Solarium Commission Final Report, 2020
Trust Anchor – A public key and the name of a certification authority that is used to validate the first certificate in a sequence of certificates. The trust anchor’s public key is used to verify the signature on a certificate issued by a trust anchor certification authority. The security of the validation process depends upon the authenticity and integrity of the trust anchor. Trust anchors are often distributed as self-signed certificates. SOURCE: SP 800-57 Part 1
An established point of trust (usually based on the authority of some person, office, or organization) from which an entity begins the validation of an authorized process or authorized (signed) package. A "trust anchor" is sometimes defined as just a public key used for different purposes (e.g., validating a Certification Authority, validating a signed software package or key, validating the process [or person] loading the signed software or key). SOURCE: CNSSI-4009
A public or symmetric key that is trusted because it is directly built into hardware or software, or securely provisioned via out-of-band means, rather than because it is vouched for by another trusted entity (e.g. in a public key certificate). (SP 800-63) (NISTIR)
Trust List – The collection of trusted certificates used by Relying Parties to authenticate other certificates. (SP 800-32; CNSSI-4009) (NISTIR)
Trusted Agent – Entity authorized to act as a representative of an agency in confirming Subscriber identification during the registration process. Trusted Agents do not have automated interfaces with Certification Authorities. (SP 800-32; CNSSI-4009) (NISTIR)
Trusted Certificate – A certificate that is trusted by the Relying Party on the basis of secure and authenticated delivery. The public keys included in trusted certificates are used to start certification paths. Also known as a "trust anchor." (SP 800-32; CNSSI-4009) (NISTIR)
Trusted Channel – A channel where the endpoints are known and data integrity is protected in transit. Depending on the communications protocol used, data privacy may be protected in transit. Examples include SSL, IPSEC, and secure physical connection. (CNSSI-4009) (NISTIR)
Trusted Computer System – A system that employs sufficient hardware and software assurance measures to allow its use for processing simultaneously a range of sensitive or classified information. (CNSSI-4009) (NISTIR)
Trusted Computing Base (TCB) – Totality of protection mechanisms within a computer system, including hardware, firmware, and software, the combination responsible for enforcing a security policy. (CNSSI-4009) (NISTIR)
Trusted Distribution – Method for distributing trusted computing base (TCB) hardware, software, and firmware components that protects the TCB from modification during distribution. (CNSSI-4009) (NISTIR)
Trusted Foundry – Facility that produces integrated circuits with a higher level of integrity assurance. (CNSSI-4009) (NISTIR)
Trusted Identification Forwarding – Identification method used in information system networks whereby the sending host can verify an authorized user on its system is attempting a connection to another host. The sending host transmits the required user authentication information to the receiving host. (CNSSI-4009) (NISTIR)
Trusted Path – A mechanism by which a user (through an input device) can communicate directly with the security functions of the information system with the necessary confidence to support the system security policy. This mechanism can only be activated by the user or the security functions of the information system and cannot be imitated by untrusted software. (SP 800-53; CNSSI-4009) (NISTIR)
Trusted Path – A means by which an operator and a target of evaluation security function can communicate with the necessary confidence to support the target of evaluation security policy. (FIPS 140-2) (NISTIR)
Trusted Platform Module (TPM) – An international standard for a secure cryptoprocessor, which is a dedicated microprocessor designed to secure hardware by integrating cryptographic keys into devices. (UK 2016)
Trusted Platform Module (TPM) Chip – A tamper-resistant integrated circuit built into some computer motherboards that can perform cryptographic operations (including key generation) and protect small amounts of sensitive information, such as passwords and cryptographic keys. (SP 800-111) (NISTIR)
Trusted Process – Process that has been tested and verified to operate only as intended. (CNSSI-4009) (NISTIR)
Trusted Recovery – Ability to ensure recovery without compromise after a system failure. (CNSSI-4009) (NISTIR)
Trusted Software – Software portion of a trusted computing base (TCB). (CNSSI-4009) (NISTIR)
Trusted Timestamp – A digitally signed assertion by a trusted authority that a specific digital object existed at a particular time. (SP 800-32; CNSSI-4009) (NISTIR)
Trustworthiness – The attribute of a person or organization that provides confidence to others of the qualifications, capabilities, and reliability of that entity to perform specific tasks and fulfill assigned responsibilities. SOURCE: SP 800-79
The attribute of a person or enterprise that provides confidence to others of the qualifications, capabilities, and reliability of that entity to perform specific tasks and fulfill assigned responsibilities. SOURCE: CNSSI-4009; SP 800-39
Security decisions with respect to extended investigations to determine and confirm qualifications, and suitability to perform specific tasks and responsibilities. (FIPS 201) (NISTIR)
Trustworthy System – Computer hardware, software and procedures that— 1) are reasonably secure from intrusion and misuse; 2) provide a reasonable level of availability, reliability, and correct operation; 3) are reasonably suited to performing their intended functions; and 4) adhere to generally accepted security procedures. (SP 800-32) (NISTIR)
TSEC – Telecommunications Security. (CNSSI-4009) (NISTIR)
TSEC Nomenclature – System for identifying the type and purpose of certain items of COMSEC material. (CNSSI-4009) (NISTIR)
Tunneling – Technology enabling one network to send its data via another network’s connections. Tunneling works by encapsulating a network protocol within packets carried by the second network. (CNSSI-4009) (NISTIR)
Two-Part Code – Code consisting of an encoding section, in which the vocabulary items (with their associated code groups) are arranged in alphabetical or other systematic order, and a decoding section, in which the code groups (with their associated meanings) are arranged in a separate alphabetical or numeric order. SOURCE: CNSSI-4009
Two-Person Control (TPC) – Continuous surveillance and control of positive control material at all times by a minimum of two authorized individuals, each capable of detecting incorrect and unauthorized procedures with respect to the task being performed and each familiar with established security and safety requirements. (CNSSI-4009) (NISTIR)
Two-Person Integrity (TPI) – System of storage and handling designed to prohibit individual access by requiring the presence of at least two authorized individuals, each capable of detecting incorrect or unauthorized security procedures with respect to the task being performed. See No-Lone Zone. (CNSSI-4009) (NISTIR)
Type 1 Key – Generated and distributed under the auspices of NSA for use in a cryptographic device for the protection of national security information. (CNSSI-4009, as modified) (NISTIR)
Type 1 Product – Cryptographic equipment, assembly or component classified or certified by NSA for encrypting and decrypting national security information when appropriately keyed. Developed using established NSA business processes and containing NSA-approved algorithms. Used to protect systems requiring the most stringent protection mechanisms. (CNSSI-4009, as modified) (NISTIR)
Type 2 Key – Generated and distributed under the auspices of NSA for use in a cryptographic device for the protection of unclassified information. SOURCE: CNSSI-4009, as modified
Type 2 Product – Cryptographic equipment, assembly, or component certified by NSA for encrypting or decrypting sensitive information when appropriately keyed. Developed using established NSA business processes and containing NSA-approved algorithms. Used to protect systems requiring protection mechanisms exceeding best commercial practices including systems used for the protection of unclassified information. (CNSSI-4009, as modified) (NISTIR)
Type 3 Key – Used in a cryptographic device for the protection of unclassified sensitive information, even if used in a Type 1 or Type 2 product. (CNSSI-4009) (NISTIR)
Type 3 Product – Unclassified cryptographic equipment, assembly, or component used, when appropriately keyed, for encrypting or decrypting unclassified sensitive U.S. government or commercial information, and to protect systems requiring protection mechanisms consistent with standard commercial practices. Developed using established commercial standards and containing NIST-approved cryptographic algorithms/modules or successfully evaluated by the National Information Assurance Partnership (NIAP). (CNSSI-4009) (NISTIR)
Type 4 Key – Used by a cryptographic device in support of its Type 4 functionality, i.e., any provision of key that lacks U.S. government endorsement or oversight. (CNSSI-4009) (NISTIR)
Type 4 Product – Unevaluated commercial cryptographic equipment, assemblies, or components that neither NSA nor NIST certify for any government usage. These products are typically delivered as part of commercial offerings and are commensurate with the vendor’s commercial practices. These products may contain either vendor proprietary algorithms, algorithms registered by NIST, or algorithms registered by NIST and published in a FIPS. (CNSSI-4009) (NISTIR)
Type Accreditation – A form of accreditation that is used to authorize multiple instances of a major application or general support system for operation at approved locations with the same type of computing environment. In situations where a major application or general support system is installed at multiple locations, a type accreditation will satisfy C&A requirements only if the application or system consists of a common set of tested and approved hardware, software, and firmware. (CNSSI-4009) (NISTIR)
Type Certification – The certification acceptance of replica information systems based on the comprehensive evaluation of the technical and nontechnical security features of an information system and other safeguards, made as part of and in support of the formal approval process, to establish the extent to which a particular design and implementation meet a specified set of security requirements. (CNSSI-4009) (NISTIR)